Issues in Information Systems, Volume 14, Issue 2, pp. 329-335, 2013




TOOLS AND TIPS FOR TEACHING SMARTPHONE SECURITY

Lynn R. Heinrichs, Elon University, lheinrichs@elon.edu
Beth H. Jones, Western Carolina University, bjones@email.wcu.edu

ABSTRACT

The growth of smartphone ownership has been no less than explosive, but so has the growth in mobile security threats. Organizations that embrace BYOD (bring your own device) policies place their information assets at risk if employees cannot or do not manage the security of their personal devices. Today's students are tomorrow's employees who will likely have access to sensitive data using their smartphones or other mobile devices. How can IS educators prepare their students to be responsible information stewards? In this paper, the authors share three teaching tools and tips for increasing student awareness of smartphone security: an interactive presentation, discussion survey, and video/poster project.

Keywords: Information Security, Smartphones, Mobile Devices, Education and Awareness

INTRODUCTION

The growth in smartphone device adoption has been astounding. According to research firm Flurry Analytics, the rate of iOS and Android device adoption is 10 times faster than the 1980s PC, twice as fast as the 1990s Internet boom, and three times faster than social media adoption [14]. And while these devices are invaluable for a wide range of activities such as banking, getting directions, checking weather, and entertainment [15], they are also the target of unprecedented security attacks such as malware, phishing, spyware, and theft to name a few. Unsecured mobile devices put both organizations and individuals at risk. A joint study by McAfee and Carnegie Mellon [10] of more than 1500 respondents in 14 countries noted the following:

- Ninety-five percent of companies have mobile device policies in place.
- Less than one in three employees are aware of the policy.
- Fewer than half of companies reported that employees understand their mobile device access/permissions.

Furthermore, the McAfee/Carnegie Mellon study also revealed that, unless mobile devices are issued by large organizations with security policies in place, employees tend to use their own personal phones for work-related tasks placing a greater burden on individuals to practice information stewardship.

According to Howard Schmidt, former cyber-security coordinator of the Obama Administration, educating individuals is the key to keeping systems safe from attacks. Business schools today need to be teaching this to the future CEOs [17]. Their ability to use smartphone technology in a secure manner determines the degree to which they put themselves and their organizations at risk.

Today's students are tomorrow's employees. Are they prepared for the responsibilities of protecting an organization's information assets? Information systems educators can help prepare students for their future security responsibilities. This paper describes three tools that the authors have used for increasing student awareness of smartphone security threats and prevention practices: an interactive slide presentation, discussion survey, and video/poster project. By sharing these ideas, the authors hope to encourage other faculty members to also include smartphone security instruction in their curricula.

SMARTPHONE THREATS AND SECURITY PRACTICES

Over the last few years, mobile device security has emerged as a top concern of those involved with protecting information assets. For example, in 2011, the American Institute of Certified Public Accountants [1] identified the control and use of mobile devices as the top technology on its initiative list followed by information security. The list includes technologies that IT decision makers should be aware of over the next 12-18 months. More recently, Richard Clarke, former cyber-security chief for the White House, described smartphones as posing the newest and largest vulnerability in corporate America now [12].

Smartphone threats can arise from both legitimate day-to-day use such as map services, banking, and social media (see Figure 1) to well-publicized cyber-attacks perpetrated through malware ([6], [10]). Unintentional sharing of data in either case can put an individual at risk. And in a day of BYOD policies, an organization's information assets also may be at risk.

Figure 1. What Data Can Smartphone Apps Access? Source: Kelly [8]

There are many smartphone security practices available to protect users from hackers. Most simply require diligence and awareness. For those individuals motivated to learn the nuts and bolts of securing their personal devices, information on mobile device security practices is readily available online ([2], [3], [5]). One helpful and reliable list comes from the Internet Crime Complaint Center, a partnership between the Federal Bureau of Investigation (FBI) and National White Collar Crime Center (NWCCC), and includes the practices shown in Table 1 [6]:

Table 1. Recommended Smartphone Security Practices (Source: Internet Crime Complaint Center)

- Turn off features that are not needed.
- Use encryption (if available) to protect personal data.
- Look at the reviews of the developer/company who published the application.
- Review and understand the permissions you are giving when you download applications.
- Use password protection.
- Obtain malware protection.
- Be aware of applications that enable Geo-location.
- Don't jailbreak.
- Do not connect to unknown wireless networks.
- Wipe the device (reset it to factory default) when selling or trading in.
- Apply updates.
- Avoid clicking on or otherwise downloading software or links from unknown sources.
- Use the same precautions on your mobile phone as you would on your computer when using the Internet.

Even though today's generation of students is born mobile [8], there is no guarantee that they follow recommended security practices such as those published by the IC3. In fact, prior research on students and security justifies concern regarding their attentions to risk-mitigating practices. Teer, Kruck, and Kruck [16] examined the computer security practices of undergraduate students and concluded that students are leaving their personal computers vulnerable to viruses (p. 109). Lomo-David and Shannon [9] surveyed students regarding the relationship between familiarity and usage of 10 security practices. In four areas, familiarity did not translate to usage: passwords on email attachments, biometric authentication, intrusion detection systems, and multifaceted authentication systems. The authors recommended that educational institutions disseminate more information to students on safe computing. Finally, Mensch and Wilkie [11] compared security practices of college students with respect to several factors including, but not limited to, gender, age, class, and identity theft victimization. They reported a troubling disconnect among information security attitudes, behaviors, and tool usage among college students.

Less research is available on students and mobile security than on PC security. However, there is some indication that students are not any more attentive to securing their smartphones than they historically have been to securing their PCs. The authors [7] surveyed business students about their smartphone security practices and examined differences by gender, age, class, and financial utilization. Students were found to be lax in their security with men more willing to engage in risky behaviors than women. There were no differences in behaviors based upon age, class, or use of smartphones for financial transactions.

TOOLS AND TECHNIQUES FOR TEACHING SMARTPHONE SECURITY

Okenyi and Owens' [13] research shows training and awareness reduce risks to organizations and are essential to prevent hacking success rates at both the individual and organizational levels. Information systems educators can and should play a key role in security awareness and training. Security awareness efforts focus on keeping users mindful of information security practices; training goes a step further than awareness to include detailed information and hands-on instruction [18].

The authors are strong advocates for increasing student awareness of smartphone security practices. They have developed several instructional resources for use with undergraduate audiences including an interactive slide presentation, discussion survey, and video/poster project based upon the EDUCAUSE Information Security Awareness contest. Each of these classroom tested ideas is described below.

Interactive Slide Presentation

The 27-slide presentation entitled "Smartphone Security: How Safe Are You?" is an introduction to smartphone security basics. To stimulate student interest, the presentation begins with the question, "If a hacker got into your phone, what would you NOT want him/her to see and/or copy?" The next slide lists what a hacker might see and in some cases even alter: calendars, address books, contact lists, photos, music files, text messages (old, new, even deleted ones), phone call details, and web browsing details and history. In addition, all subsequent phone calls/texts could be recorded and forwarded to a third party! The next slides briefly describe other types of possible mischief, such as hackers using your phone to call expensive international or 900-numbers, possible dangers of financial transactions, and distributed denial of service (DDOS) attacks. The next slide describes the easy ways malicious software can be introduced to a smartphone.

At this point, the slide presentation focuses on prevention and becomes more interactive. Slides are in pairs, with the first of the pair showing one to three recommended practices along with previously obtained survey results. These results are from a security practices survey conducted by the authors in 2011 [7]. Results show that good security measures were not being followed by all, or in many cases, even a majority of students. The second slide of the pair asks students to give reasons why people might choose not to follow a particular practice.

Figures 2a and 2b present one such pair. Figure 2a shows the results of two questions from the security practices survey for students to consider. Figure 2b poses a thought question. As students share their opinions, the instructor lists their responses on the PowerPoint slide. For example, the main reason given for not using a password was, not surprisingly, simply the inconvenience of having to enter it each time the phone was used. Also, not being able to just hand your phone to a friend without having to give them the password (again, inconvenience). The entire slide show can be found here: http://paws.wcu.edu/bjones/smartphonesecurity.pptx.

Figure 2a: Survey Results to Consider
Figure 2b: Thought Question

The interactive slide presentation works best with classes in which students easily can engage in discussions. Faculty who teach first-year seminars in which personal/campus safety is a topic might find it useful. For larger or more mature groups of students, the next technique of using a discussion survey might be a better option.

Discussion Survey

Polling is a great technique for sharing information and engaging students in discussion. The beauty of polling is that it even works with large class sizes. A number of technologies are available for implementing surveys or polling activities:

- Course management systems such as Blackboard or Moodle.
- Web-based survey tools.
- Clickers.
- Cell phones aided by a polling service (e.g., http://www.polleverywhere.com/).

To implement a smartphone security poll, the authors adapted a former research survey instrument. The questionnaire contains 30 items about students' perceptions of smartphone security (Table 2a) and their self-reported practices (Table 2b). The authors ask students to complete the survey anonymously first; then results are aggregated and discussed. Because results are aggregated and anonymous, the survey technique generates interesting discussion. To date, the authors have used course management software and Google forms to implement the classroom polling survey. Both have the ability to review aggregate survey results using charts.

Table 2a. Smartphone Security Survey Sample Items Part I

Part 1. Respond True or False to the following statements.

1. One in five smartphone users has experienced some type of security threat with their device.
2. Mobile device security is now one of the top concerns for information security professionals.
3. Mobile device security is now one of the top concerns for individuals who own smart phones.
4. Malware (such as viruses and worms) can totally break your phone to the point where you can never use it again.
5. It is possible for malware to be placed on a cell phone without the owner's knowledge.
6. Malware can forward everything stored on a smartphone (contact list, notepad, calendar, texts etc.) to nearby users via Blue Tooth.
7. Someone can set up a fake Wi-Fi "gateway" to which the latest generation of mobile phones will automatically connect. Once a connection is established, all the information passing through can be stolen.
8. Malware can be installed on a smart phone by clicking on links in emails or texts.
9. Malware exists that, once placed on a smartphone, can forward to another phone a copy of all text messages received and sent.
10. Your phone can get infected by malware that automatically calls premium-rate telephone numbers (900 numbers such as adult chat lines and tech support), giving you quite a surprise when the bill comes in.

Table 2b. Smartphone Security Survey Sample Items Part II

23. Have you installed or enabled remote wipe software on your smartphone?
24. Have you installed or enabled remote lock software on your smartphone?
25. Have you installed or enabled your phone's locator feature? (Tracks phone's whereabouts if it's lost or stolen.)
26. Have you installed anti-virus software on your smartphone?
27. If you ever disposed of a smartphone, did you (or someone else) first remove the memory card and wipe all personal data (texts, contacts, etc.)?
28. To wake up after idle, is a password or passcode required on your smartphone?
29. Do you store confidential financial info such as credit card numbers and pin numbers in your phone (e.g. bank account pin numbers typed in as contacts so you can look them up)?
30. Have you set the idle timeout (so that the screen goes dark) to a shorter time than the factory default?

Video/Poster Project

For instructors who are looking for a more creative option that works well in a group context, another option is to develop an assignment based upon the EDUCAUSE Information Security Video and Poster Awareness Contest [4]. The contest solicits posters and videos for raising student awareness of information security issues. Entries to the contest cannot receive direction from faculty members; however, designing a class project that incorporates the same guidelines for purely instructional use is an easy alternative.

One of the authors used the EDUCAUSE awareness poster project as part of an information security course requirement in Spring 2013. The project was completed in three phases: proposal, conceptual design, and final product with presentation. In the proposal phase, students worked individually to research information security topics and propose a poster idea. Students were grouped into five teams following a review of the proposals. In the conceptual design phase, each team selected one proposal idea to implement and developed an initial poster concept. After receiving feedback on the conceptual design, students implemented an electronic version of their poster and presented it to the class. Although the final posters were not limited to only smartphone awareness issues, two of the five posters were related to mobile device security: password/passcode protection and jailbreaking.

The criteria for evaluating results can follow those of the actual contest, or be modified. Students can work individually or in teams to propose a message and medium, develop the idea, and generate a final product. An instructor has the option of using a panel of experts for reviewing completed submissions.

Limitations of Tools

One limitation of the interactive slide presentation and survey discussion tool is the problem of currency. The smartphone area changes so rapidly that these tools can become outdated very quickly. This is less of a problem with the video/poster project where students develop their own messages about security. To help keep the discussion survey up-to-date, one of the authors asked for assistance from students in an upper-level information security course, so even maintaining a survey can be a learning experience.

CONCLUSIONS

The growth of smartphones will continue to be accompanied by mobile security threats. Organizations that embrace BYOD (bring your own device) policies place their information assets at risk if employees cannot or do not manage the security of their personal devices. Today's students are tomorrow's employees who will likely have access to sensitive data using their smartphones or other mobile devices. Their awareness and use of information security practices is paramount.

The purpose of this paper was to share ideas on ways to raise smartphone security awareness. The authors see smartphone security as relevant preparation for today's workplace. Increasing student awareness of potential risks as well as appropriate security practices will help prepare them for their future roles as information stewards. The authors will share any of the resources they have created that are referenced in the paper and hope to generate discussion regarding others' classroom experiences.

REFERENCES

1. AICPA (2011). Top Technology Initiatives, American Institute of Certified Public Accountants, retrieved on January 4, 2012 from http://www.aicpa.org/interestareas/informationtechnology/resources/toptechnologyinitiatives/pages/2010topteninitiatives-complete.aspx.
2. Baker, P. (2011, February 9). Top Ten Smartphone Security Tips, CIO Update, retrieved on May 11, 2010, from http://www.cioupdate.com/trends/article.php/3924241/top-10-smartphone-security-tips.htm.
3. Chickowski, E. (2009, February 26). "10 Best Practices for Mobile Security," Baseline Magazine, retrieved on May 11, 2010, from http://www.baselinemag.com/c/a/mobile-and-wireless/10-best-practices-for-mobile-Device-Security/.

4. EDUCAUSE (2013). Information Security Awareness Video & Poster Contest. http://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-initiative/communityengagement/information-security-awareness-.
5. Erlanger, L. (2011, October 10). "Smartphone Security Best Practices," McAfee Blog Central, retrieved November 04, 2011 from http://blogs.mcafee.com/enterprise/security-connected/smartphone-security-bestpractices-2.
6. IC3 (2012, October 12). Smartphone Users Should Be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise, an Intelligence Note from the Internet Crime Complaint Center, retrieved on February 12, 2013 from: http://www.ic3.gov/media/2012/121012.aspx
7. Jones, B. and Heinrichs, L. (Winter 2012). Do Business Students Practice Smartphone Security? Journal of Computer Information Systems, pp. 22-30.
8. Kelly, T. (2012, February 27). Free apps 'can spy on texts and calls': Smartphone users warned of privacy dangers, Mail Online, retrieved on 2/17/2013 from http://www.dailymail.co.uk/sciencetech/article-2106627/Internet-firms-access-texts-emails-pictures-spying-smartphone-apps.html
9. Lomo-David, E. and Shannon, L. (2009). "Information Systems Security and Safety Measures: The Dichotomy Between Students' Familiarity and Practice," Academy of Information and Management Sciences Journal, (12:1), pp. 29-47.
10. McAfee (2011, May 24). Mobility and Security: Dazzling Opportunities, Profound Challenges, a report commissioned by McAfee and produced by Carnegie Mellon University's CyLab, retrieved on February 12, 2013 from: http://www.mcafee.com/us/resources/reports/rp-cylab-mobile-security.pdf.
11. Mensch, S. and Wilkie, L. (2011). "Information Security Activities of College Students: An Exploratory Study," Academy of Information and Management Sciences Journal, (14:2), pp. 91-116.
12. Messmer, E. (2011, September 19). "Former Cybersecurity Czar Clarke Says Smartphones, Digital Certificates Create Huge Security Problems," Network World, September 19, 2011, retrieved on September 19, 2011 from http://www.networkworld.com/news/2011/091911-clarke-cybersecurity-251014.html.
13. Okenyi, P.O., & Owens, T.J. (2007). On the anatomy of human hacking. Information Systems Security, 16, 302-314.
14. Reisinger, D. (August 27, 2012). Android, iOS growing 10 times faster than PCs did in the 1980s, CNET News, retrieved on 6/19/2013 from http://news.cnet.com/8301-1035_3-57500961-94/android-ios-growing-10-times-faster-than-pcs-did-in-the-1980s/.
15. Smith, A. (August 15, 2011). Americans and Their Cell Phones. A report from the Pew Internet and American Life Project, retrieved 10-28-2011 from: http://www.pewinternet.org/reports/2011/cell-phones.aspx?src=prc-headline.
16. Teer, F., Kruck, S., and Kruck, G. (Spring 2007). "Empirical Study of Students' Computer Security Practices/Perceptions," Journal of Computer Information Systems, pp. 105-110.
17. Thompson, C. (2013, January 31). "Businesses Facing Increasing Cyber Threats: Security Experts," CNBC Technology, retrieved from: http://www.cnbc.com/id/100421313.
18. Whitman, M.E. and Mattord, H.J. (2012). Principles of Information Security, Course Technology, Cengage Learning, Boston, MA.